package com.aloudmeta.grpc.support.check;

import io.grpc.MethodDescriptor;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityMetadataSource;

import java.util.Collection;

/**
 * A {@link SecurityMetadataSource} for grpc requests.
 *
 * <p>
 * <b>Note:</b> The authorization checking via this metadata source will only be enabled, if both an
 * {@link AccessDecisionVoter} and a {@link net.devh.boot.grpc.server.security.check.GrpcSecurityMetadataSource} are present in the application context.
 * </p>
 *
 */
public interface GrpcSecurityMetadataSource extends SecurityMetadataSource {

    /**
     * Accesses the {@code ConfigAttribute}s that apply to a given secure object.
     *
     * @param method The grpc method being secured.
     * @return The attributes that apply to the passed in secured object. Should return an empty collection if there are
     *         no applicable attributes.
     */
    Collection<ConfigAttribute> getAttributes(final MethodDescriptor<?, ?> method);

}
